Privacy Statement

1What is the purpose of this document?

1.1This privacy notice describes how the Collas Crill Group other than Collas Crill Trust Limited and its subsidiaries and Collas Crill Corporate Services Limited (“Collas Crill” or “the Group”) collects and uses personal information about you in accordance with the applicable data protection legislation

1.2Collas Crill recognises the importance of this data and the risks related to its possession of such data. Collas Crill is committed to protecting the privacy and security of your personal information.

1.3Collas Crill is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. To comply with data protection legislation and best practice we are required to notify you of the information contained in this privacy notice.

1.4This notice sets out your rights under applicable data protection laws as well as our commitment to you regarding how we treat your data. We may update this notice at any time.

1.5It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

1.6This privacy notice has been prepared specifically for Collas Crill's business to business contacts and relates specifically to information we hold and use about individuals in that context.  If you are a client of Collas Crill, or work for a client of Collas Crill, we will hold other information about you and will use it for different purposes.  If this applies to you, you may also care to review our External Privacy Statement here.

2About Collas Crill

The Collas Crill Group is made up of a number of different entities. You will be informed which of these you have a relationship with when you engage with us and that will be the company which controls your personal data. More detail of our group is available here.

We have appointed a Group Information Officer to oversee compliance with this privacy notice for the Collas Crill Group. In each jurisdiction where we work, we have appointed a Local Information Officer to work with the Group Information Officer.

If you have any questions about this privacy notice or how we handle your personal information, please contact your Collas Crill Local Information Officer or the Group Information Officer, contact details of whom are set out below. You have the right to make a complaint at any time to your local regulator for data protection and privacy issues. Details of the local regulators are also set out below:

2.1Group Information Officer

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

2.2British Virgin Islands:

Local Information Officer:     

2.3Cayman

Local Information Officer:     

Regulator: Office of the Ombudsman

2.4Guernsey

Local Information Officer:     

Regulator: Office of the Data Protection Authority

2.5Hong Kong

Local Information Officer:     

Regulator: Office of the Privacy Commissioner for Personal Data

2.6Jersey

Local Information Officer:     

Regulator: Office of the Information Commissioner

2.7London

Local Information Officer:     

Regulator: Information Commissioner's Office

2.8Singapore

Local Information Officer:     

Regulator: Personal Data Protection Commission

3Data protection principles

We will comply with applicable data protection law. Whilst these obligations differ between the various jurisdictions the Group operates in, Collas Crill has committed to applying the highest standards across the Group. This means that the personal information we hold about you must be:

3.1Used lawfully, fairly and in a transparent way.

3.2Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3.3Relevant to the purposes we have told you about and limited only to those purposes.

3.4Accurate and kept up to date.

3.5Kept only as long as necessary for the purposes we have told you about.

3.6Kept securely.

4The kind of information we hold about you

4.1Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

4.2We may collect, store, and use the following categories of personal information about you:

4.2.1Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.

4.2.2Date of birth.

4.2.3Gender.

4.2.4Marital status and dependants.

4.2.5Information about your legal requirements and sector of interest.

5How is your personal information collected?

5.1We collect personal information about you in the course of our business.  In most cases this will be when you provide us with your contact details, such as by giving us a business card, or when you send us a letter or email.  From time to time we may obtain this information from your company or employer's website or from a third party to the extent information about you is in the public domain.

6How we will use information about you?

6.1We will only use your personal information when the law allows us to. Most commonly, we will use your personal information where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.

7Situations in which we will use your personal information

7.1Specifically, we will use your information to contact you to advise you of products and services we provide, events we are holding, news and information releases relevant to you, and/or mutual business opportunities.  In each case we will only contact you in relation to such matters we think may be of interest to you having regard to our understanding of your business, the circumstances in which you provided your details to us, and any business we have done with you previously.

7.2We may also use your personal data to provide services to our clients, in particular where you have introduced them or where these are mutual clients of our respective businesses. 

7.3The situations in which we will process your personal information are listed in Schedule 1, together with the purpose or purposes for which we are processing or will process your personal information.

8Change of purpose

8.1We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

8.2Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9Do we need your consent?

We do not need your consent if we use your personal information in accordance to carry out our legal obligations or exercise specific rights under the law. However you do have the right to tell us to stop using your data.  More information about this is set out below.

10Data sharing

10.1We may have to share your data with third parties, including third-party service providers and other entities in the Group.

10.2We require third parties to respect the security of your data and to treat it in accordance with the law.

10.3We may transfer your personal information outside the EU.

10.4If we do, you can expect an equivalent degree of protection in respect of your personal information.

10.5Why might you share my personal information with third parties?

We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. This may involve us sharing your information with:

10.5.1Regulators and other authorities;

10.5.2Financial services compensation schemes;

10.5.3Fraud prevention agencies;

10.5.4Entities working with you or your business’s product or service;

10.5.5Organisations that introduce you to us;

10.5.6Companies that we introduce you to; and

10.5.7Companies you ask us to share your data with.

If the make-up of the Collas Crill Group changes or such changes are proposed we may share your data with third parties to allow us to sell, merge or transfer aspects of our business or acquire or merge into other businesses. We will only do this if they agree to keep your data to the same standards we have set for holding your data. Following such a change other parties may use your data in line with these standards.

10.6Which third-party service providers process my personal information?

"Third parties" includes third-party service providers (including contractors and designated agents) and other entities within our group.

10.7How secure is my information with third-party service providers and other entities in the Collas Crill group?

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

10.8When might you share my personal information with other entities in the group?

We will share your personal information with other entities in our group for joint business development initiatives, in the context of a business reorganisation or group restructuring exercise and for system maintenance support and hosting of data.

10.9Transferring information outside the EU

We will transfer the personal information we collect about you to the following countries outside the EU:

10.9.1Cayman

10.9.2BVI

10.9.3Jersey

10.9.4Singapore 

in order to perform our contract with you. There is not an adequacy decision by the European Commission in respect of all of those countries. This means that some countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal information.

However, to ensure that your personal information does receive an adequate level of protection we have put in place internal policies and contracts in line with international standards to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the applicable laws on data protection. If you require further information about these protective measures, you can request it from your Local Information Officer.

11Data security

11.1We have put in place measures to protect the security of your information.

11.2Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

11.3We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

11.4We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

12Data retention

12.1We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Retention periods for your personal information are decided by considering the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. This will vary depending upon the relationship we have with you.

12.2In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

12.3If you have any questions regarding data retention please speak to your Local Information Officer.

13Cookies

We use "cookies" on our website, these are small pieces of data that allow us to track which computers visit our website and how. To find out how, please review our cookie policy here.

14Rights of access, correction, erasure, and restriction

14.1Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

14.2Your rights in connection with personal information

14.3Under certain circumstances, by law you have the right to:

14.3.1Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

14.3.2Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.

14.3.3Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

14.3.4Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

14.3.5Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

14.3.6Request the transfer of your personal information to another party.

14.4If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact your Local Information Officer in writing.

14.5No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

14.6What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

15Changes to this privacy notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.

Schedule

How Collas Crill uses your data

 

September 2019